<?php require_once('../../Connections/localhost.php'); ?>
<?php

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

mysql_select_db($database_localhost, $localhost);

	$act=$_GET['act'];
	if($act==""){
		$sql = "SELECT * FROM product ORDER BY ngaynhap DESC";
		$query = mysql_query($sql, $localhost) or die(mysql_error());
		$row = mysql_fetch_assoc($query );
		$totalRows_ViewAll = mysql_num_rows($row);
		
	}elseif($act=="view"){
		$colname_sql = "-1";
		if (isset($_POST['$masp'])) {
		  $colname_sql = $_POST['$masp'];
		}
		$sql = sprintf("SELECT * FROM product WHERE masp = %s ORDER BY ngaynhap DESC", GetSQLValueString($colname_sql, "text"));
		$query = mysql_query($sql, $localhost) or die(mysql_error());
		$row = mysql_fetch_assoc($query);
		$totalRows_sql = mysql_num_rows($query);
		
	}elseif($act=="edit"){
		
	}elseif($act=="update"){
		
	}elseif($act=="insert"){
		
	}elseif($act=="delete"){
		
	}

mysql_free_result($query);
?>
